Enhancing the Security of Adobe Flash

Adobe's Flash player has had its share of security issues, so much so that some users have refused to install it. Here's technique that will allow you to keep Flash installed, but allow it to run under your control. It's called ClicktoFlash, and it'll speed up your Safari browsing too.

When you visit a Website that uses Flash, the site sends a request to the Flash Player on your Mac to activate. There may be multiple Flash sources on a page, in addition to the one you're interested in -- perhaps some ads as well. Some may not be easy to see, but they'll still chew up your CPU and pose possible security risks.

Adobe's Flash player, located in /Library/Internet Plug-Ins/ then springs into action to render the videos. A significant problem is that Adobe doesn't supply a auto-updater for the Flash Player and it isn't folded into Mac OS X's Software Update. As a result, many users are left perusing the Internet with, possibly, an older and vulnerable version of Flash, and they don't even know it.

So far, the only solutions have been to either remove the Flash Player or keep a sharp eye out for the latest version and stay on top of the updates.

Fortunately, there is a handy plug-in called ClicktoFlash from the Red Shed Sofwtare Company. It intercepts the request to the Flash Player and inserts a graphic, like the ones below, on a Web page that has Flash content.

Click to play the content or click the gear for options

Note: This utility will work only with Safari 3 or later and Safari 4 is highly recommended. ClicktoFlash, by the way, inserts a .webplugin file into /Users/username/Library/Internet Plug Ins. That's all it does, and it's easy to uninstall if you need to.

A .webplugin file is installed.

From now on, whenever you visit a page that has Flash content, you can selectively chose which Flash item you want to play -- just click it. Ads and other content you're not interested in won't be executed. This will also speed up your browsing.

Note the gear in the upper left corner of the Flash content. That controls all your options, including an option to uninstall. The first popup shows immediate options.

Gear popup for options

The bottom item, ClicktoFlash Settings..., brings up a page of preferences.

Settings

ClicktoFlash has a lot going for it. It's easy to install or uninstall. It's trivial to use in practice. It's in constant development, and you can have it check for updates. You can Whitelist entire sites that you trust. Your Mac will spend less time executing Flash code, and Safari will seem snappier.

Note that this plugin only works for Apple's Safari. If you want equivalent functionality for, say, Firefox or Camino, you can use a product called Flashblock. ClicktoFlash is free, but the developer requests a modest donation of US$6 to support development. I've sent him my donation.

Here's an additional note from the developer on the "invisible" Flash setting.

________

Thanks to TMO reader Sir Harry Flashman for the tip on this very handy plugin.

One annoyances with Safari is that if you try to disable the Flash plug-in and if the web page author includes download references, the user is required to continually dismiss download request dialog boxes.

I especially love this program’s ability to play YouTube videos with QuicTime. It has saved me tens of hours of battery life and millions of RPM’s of fan usage. (I know that’s not technically right, but that’s basically the way it seems .

I just run Safari with the “Enable plug-ins” UNchecked in the Prefs. It’s very easy to hit ‘CMD-,’ with the prefs left at the Security Tab, and click to turn ON plug-ins when necessary. This works great for old hardware and 10.4.11 where ClicktoFlash isn’t an option. Dramatically improves browsing experience.

I am amazed that with all the complaining about FLASH that it is still such a CPU hog. Has me convinced the basic FLASH software architecture must be really a mess, or Adobe truly doesn’t know what they are doing.

Thanks TMO staff and Sir Harry Flashman for this early Christmas present—and you didn’t even need to wrap it!

BTW, ClickToFlash settings are also available in the menu bar under “Safari” when active.

Flash Gordon2:01 AM EST, Dec. 16th, 2009Guest

This page shows you the latest version of Flash Player *AND* the version you have installed:

http://www.adobe.com/products/flash/about/

Not need to go to two separate pages.

Also, for some reason, people do not seem to know about the Adobe Flash Player Settings Manager. You can set some security parameters and also set and interval for it to check for a new version. You *NEED* to go to this page and configure your settings to lesson your chances of a security breach. I’m not sure why this is not more well known. Here is the Settings Manger page: